Just a notice, I’m migrating my site away from WordPress.com to a self-managed WordPress site on 1&1. I should be keeping the same domain, but I’ve also purchased a few more that I might change to. I’m anticipating this migration will take the rest of the week, so my site might go down intermittently. […] Read More: Migrating To 1&1
Introduction: Malicious actors have multiple ways to share data they have stolen from websites or services. Some might post to popular forums to gain notoriety while others might post anonymously to paste sites like PasteBin. Combing through all the pastes being posted is beyond the ability of humans, so I’ve created a tool that helps […] Read More: The PasteBin Treasure Hunter
Version Tested: 2.1.8. CVE Number: CVE-2019-7550. Security Advisories: None. Background: While conducting a penetration test for a customer, I encountered an unused developer forum using JForum version 2.1.8 and started looking for vulnerabilities within the application. Issue: When creating a new user within the application, the browser sends a GET request to the server to […] Read More: Information Disclosure in JForum 2.1.x
I completed my Certified Ethical Hacker exam today, so to celebrate, here is a full Boot to Root guide of the Toppo Box on Vulnhub. This was a really fun challenge! First, power up the machine and make sure it can get an IP via DHCP. Next, we’re scanning it with nmap to see what […] Read More: CEH Victory Dance, with bonus hacking!
LogMeIn did a really cool report they’re nicknaming “The State of the Password”, which breaks down a company’s security score by size and industry. They took a census of 43,000 companies to gather all of this data. Here are some highlights of the report: The bigger the company, the worse the score: This one should […] Read More: Enterprise Password Security Scores
A lot of users think having an antivirus is the silver bullet to all of their security problems. Plot twist: It isn’t. There is a relatively simple way to bypass antivirus and execute code on a remote machine, and the whole process takes less than 30 minutes. First, you need a Kali VM that has […] Read More: Antivirus Bypass Technique
For researchers getting into malware analysis, or organizations that need somewhere to test suspicious files, sandboxes are a great way to isolate and run potentially malicious attachments or files before letting them get into your network. You can use any of the available cloud services like Cisco’s ThreatGrid, any.run, or Joe Sandbox. The downside to […] Read More: Playing in Sandboxes